CVE-2024-26952: ksmbd: fix potencial out-of-bounds when buffer offset is invalid

0.0 CVSS

Description

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix potencial out-of-bounds when buffer offset is invalid

I found potencial out-of-bounds when buffer offset fields of a few requests
is invalid. This patch set the minimum value of buffer offset field to
->Buffer offset to validate buffer length.

Classification

CVE ID: CVE-2024-26952

CVSS Base Severity: LOW

CVSS Base Score: 0.0

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 5.06% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://git.kernel.org/stable/c/ad6480c9a5d884e2704adc51d69895d93339176c
https://git.kernel.org/stable/c/39bdc4197acf2ed13269167ccf093ee28cfa2a4e
https://git.kernel.org/stable/c/2dcda336b6e80b72d58d30d40f2fad9724e5fe63
https://git.kernel.org/stable/c/0c5541b4c980626fa3cab16ba1a451757778bbb5
https://git.kernel.org/stable/c/c6cd2e8d2d9aa7ee35b1fa6a668e32a22a9753da

Timeline

2024-12-03 00:11:51 UTC
CVE

ksmbd: fix potencial out-of-bounds when buffer offset is invalid